Information Security News

Verizon: Urging companies to be fully prepared for cybersecurity

Verizon: Today’s enterprises are becoming more and more aware that cybercrime will have an impact on the company’s reputation and infringe on the bottom line of the company.

Verizon’s successive annual reports, such as Data Theft Investigation Report 2019 and Internal Threat Report, continue to remind companies to strengthen the detection and prevention of cyber threat trends. Information about the state of cyber threats is important, but companies still need to prepare more comprehensive solutions to network security incidents.

During 2016-2018, Verizon conducted customer response (IR) program evaluation and data leakage simulation tests for customers. Through a summary and research of the three-year data, the Verizon Accident Preparation and Response Report (VIPR Report) provides strategic guidance for companies to develop efficient and viable IR solutions. The six standard stages of dealing with accidents Verizon experts have developed an IR plan for the company to summarize its six standard stages, including key points to help companies better understand and implement.

The summary is as follows:

1. Planning and preparation – including the construction of IR solutions that include key internal stakeholders and third parties, which is critical to effectively responding to incidents.

2. Monitoring and Validation – Monitor cybersecurity incidents and categorize incidents based on severity and source at an early stage of the IR process.

3. Control and Elimination – Focus on controlling and eliminating cybersecurity threats.

4. Collect and Analyze – Collect and analyze relevant evidence to help companies gain a deeper understanding of cybersecurity incidents, while also helping and supporting effective control of data breaches, cyber threats, post-mortem remediation, and remediation efforts.

5. Remediation and Remediation – Provides remediation and remediation measures; specifically, these measures not only ensure that business operations are back to normal but also help companies prevent or mitigate future threats.

6. Assessment and Adjustment – Update the experience summarized in the incident to the IR program to optimize cybersecurity metrics, strengthen security controls, and better guide practices.

Verizon points out that many companies believe that having an IR solution for filing means they are ready for potential cyber-attacks. However, under normal circumstances, these programs have not been activated and updated all year-round and are not sufficient to deal with current network incidents. In addition, having an outdated solution is like having no preparation. The IR program should be considered an “active document” that is regularly updated and applied to simulate leak scenarios for testing and practice to ensure the effectiveness of the program. Verizon also pointed out that the IR solution can be continuously updated and self-improved by adopting feedback from stakeholders, summarizing the experience of data leakage simulation testing, and in-depth analysis of current network strategies, so as to adapt to the ever-changing network security landscape.

Verizon’s VIPR report also includes five “data leak simulation suites” consisting of real-world scenarios to help companies and their stakeholders conduct accident simulation exercises to continuously improve their IR solutions. Real-world scenarios include internal encryption hijacking threats, malware attacks, cyber espionage, and cyber attacks related to the cloud environment.

Author: Verizon president director of Threat Research Consulting Center Ashish Thapar

Show More

Marina Alex

She's a Technology News Reporter at Next Web Hack. She has completed her Bachelor in Science (B.S) in Computer Science and also a Certified Ethical Hacker & Security Analyst by EC-Council.

Related Articles

Back to top button